It does not happen all that often when researchers find a cross-platform malware. A new malicious Word document is a cause of great concern, though, as it can infect both Mac OS X and Windows computers alike. A very unusual development, since criminals very a rarely target the Macintosh platform due to its lesser popularity. It is unclear how harmful this new type of malware might be, though.
A Cross-Platform Malware Strain is Unusual
This latest type of malware has security researchers concerned all over the world. Even though it requires victims to manually enable macros while opening the file in question, it seems plausible to assume a lot of damage can be done. Criminals have flocked to infecting Word documents with malware over the past few months, and it appears this trend will not go away anytime soon.
Once a recipient opens the Word file in question and has macros enabled, the malware code is executed on the computer. Since this malicious software can infect both Windows and Mac OS X machines, it goes to show that criminals have quite an elaborate plan. Macintosh users are often safe from these types of attacks, since the Mac OS market share is nearly negligible. That being said, it was only a matter of time until this platform would come under scrutiny from cyber criminals.
Moreover, Mac OS users will not see the malicious file being downloaded in the background. This is made possible thanks to the Python wrapper used to distribute this malware. Once the Python script is downloaded and executed by the computer user, it will communicate with the assailant’s server to download the malware in question. The Python script in question appears to be a modded version of a Python meterpreter file, which is a common method of attack among cyber criminals these days.
The Windows malware variant is a bit more sophisticated, by the look of things. Under the hood, there are several layers of code and encryption wrapped around one another. One researcher refers to this as a “Russian nesting doll”, which seems to be an accurate description. Unlike the Mac OS X version, the Windows variant downloads a 64-bit DLL file which communicates with the assailant’s server. This also hints at how this new malware man only affected 64-bit versions of Windows, albeit that has not been officially confirmed.
Luckily, it appears researchers have figured out how this malware spreads. Or to be more precise, they feel they figured out this process used currently, although it remains unclear how this distribution phase may evolve in the future. Moreover, there is no indication as to who may be behind this new malware. It goes to show there is a bright future ahead for Microsoft Office macro-based malware, although that does not bode well for computer users.
What is especially worrisome is how more and more malware types are deliberately attacking Mac OS users as of late. Until a few months ago, such a threat seemed nearly inconceivable. However, this goes to show the Macintosh operating system is not safe from harm by any means. In February of 2017, researchers came across another malware type affecting Mac OS systems. It is unclear if the same group is behind this new malware, though. Cross-platform malware attacks are slowly becoming a trend, that much is certain.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.